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Abstract. In this work, we design the game semantics for timed equiva- 
^v^j lences and preorders of timed processes. The timed games corresponding 

to the various timed relations form a hierarchy. These games are similar 
i i to Stirling's bisimulation games. If it is the case that the existence of a 

winning strategy for the defender in a game Q\ implies that there exists 
P-h a winning strategy for the defender in another game Q2, then the relation 

that corresponds to Gi is stronger than the relation corresponding to Q^- 
O The game hierarchy also throws light into several timed relations that 

are not considered in this paper. 
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\q 1 Introduction 

O 

Bisimulation games [11] have been defined for discrete procsses. Surpisingly, 
there are no game semantics for similar relations with real time. In this pa- 
per, we extend bisimulation games to provide a coherent game structure for 
k> equivalence and preorder relations that involve real time. In [13], several se- 

5_i mantic equivalences have been defined and compared in a model independent 

way. Some of these equivalences have been extended for real time as well. For 
example, there are well known notions of equivalences which include timed bisim- 
ulation and time abstracted bisimulation. In [12], equivalences even weaker than 
time abstracted bisimulation have been defined. They are time abstracted delay 
bisimulation and time abstracted observational bisimulation. In timed bisimula- 
tion, every time delay needs to be matched exactly which makes it a very strong 
form of equivalence. Time abstracted bisimulation on the other hand is a much 
weaker form of equivalence where a time delay by one process can be matched 
by any delay so that the respective derivatives are time abstracted bisimilar. To 
bridge this gap, in this paper we introduce interval bisimulation which lies in 



2 



between timed and time abstracted bisimulation. We can also conceive of a simu- 
lation relation corresponding to each of these bisimulation relations. In this work, 
we consider the hierarchy of these timed relations. Apart from proposing inter- 
val bisimulation and simulation equivalences corresponding to each well known 
bisimulation relation, the main contribution of this work includes proposing a 
generalized game semantics for these timed relations. This generalized game se- 
mantics will have certain parameters which being assigned different values can 
correspond to each of the relations shown in figure 1. For the sake of completion 
of this spectrum of timed relations, we also include timed performance prebisim- 
ulation which has been proposed in the recent work [8]. In this work, more 
particularly, we propose the game semantics for timed automata processes. We 
choose timed automata since it is a well studied formalism and the decidabil- 
ity results for many of the relations based on timed automata are known. In 
contrast to Van Glabbeek's spectrum, at this point of time, we do not consider 
any form of trace equivalence in our work. We also do not consider either timed 
counterparts of relations like 2-nested simulation preorder or ready equivalence 
since the study of such relations are not known with respect to real time to the 
best of our knowledge. Game semantics for the equivalences in Van Glabbeek's 
spectrum has been proposed in [3]. In figure 1, we present a spectrum of the 
timed relations mentioned above. In section 2, we present timed automata and 
its semantics briefly. In section 3, we present zone valuation graph as defined in 
[8]. Section 4 describes several timed relations and compares them. In section 5, 
we present the game characterizations of these timed relations. In section 6, we 
provide several lemmas that can be used to construct the hierarchy of the timed 
games. We conclude in section 7. 

2 Timed Automata 

Timed automata [2] is an approach to model time critical systems where the 
system is modeled with clocks that track elapsed time. Timing of actions and 
time invariants on states can be specified using this model. 

A timed automaton is a finite-state structure which can manipulate real- 
valued clock variables. Corresponding to every transition, a subset of the clocks 
can be specified that can be reset to zero. In this paper, the clocks that are 
reset in a transition are shown as being enclosed in braces. Clock constraints 
also specify the condition for actions being enabled. If the constraints are not 
satisfied, the actions will be disabled. Constraints can also be used to specify 
the amount of time that may be spent in a location. The clock constraints B(C) 
over a set of clocks C is given by the following grammar: 

g ::= x — c | g A g 

where c e N and x € C and - e {<, <, =, >, >}. A timed automaton over a 
finite set of clocks C and a finite set of actions Act is a quadruple (L, Iq, E, I) [1] 
where L is a finite set of locations, ranged over by I, Iq € L is the initial location, 
E C L x B(C) x Act x 2 C x L is a finite set of edges, and I : L -> B(C) 
assigns invariants to locations. 
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Fig. 1. Spectrum of timed relations 



2.1 Semantics 

The semantics of a timed automaton can be described with a timed labeled 
transition system(TLTS)[l]. Let A = (L,Iq, E, I) be a timed automaton over a 
set of clocks C and a set of visible actions Act. The timed transition system T(A) 
generated by A can be defined as T(A) = (Proc, Lab, \a € Lab}), where 
Proc = {(I, v) | (I, v) € L x (C — > M>o) and v \= 1(1)}, i.e. states are of the form 
(l,v), where / is a location of the timed automaton and v is a valuation that 
satisfies the invariant of I. We use the terms process and state interchangeably 
in this text. Lab = Act U R>o is the set of labels; and the transition relation is 
defined by (l,v) {l',v') if for an edge (I g -^> I') e E, v \= g,v' = v[r] and 
v' \= 1(1'), where an edge (I g -~-l V) denotes that I is the source location, g is 
the guard, a is the action, r is the set of clocks to be reset and V is the target 
location. (I, v) — > (I, v + d) for all d G ]R>o such that v \= 1(1) and v + d \= 1(1) 
where v + d is the valuation in which every clock value is incremented by d. Let 
v a denote the valuation such that Vq(x) = for all x £ C. If v satisfies the 
invariant condition of the initial location Iq, then (^^o) is the initial state or 
the initial configuration of T(A). 



3 Graph Structure for Games 



A bisimulation game [11] [3] is a two player game and consists of two graph struc- 
tures on which the game is played. The graphs are the visual representation of 
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the two process descriptions for which the existence of a bisimulation relation 
has to be checked. For the games corresponding to timed equivalence and timed 
preorder relations too, we need to use a graph structure on which such timed 
games can be played. In this paper, we show how zone valuation graph [8] and 
some of its variants are used as the graph structure on which the games corre- 
sponding to the timed relations are played. One must note that zone valuation 
graph cannot be directly used in all the games discussed later. We may require 
certain modifications in the graph structure to characterize the games for various 
timed relations. 

We briefly describe zone valuation graph. For this we first introduce zone 
and zone graph. The following two definitions are from [14]. 

3.1 Zone Valuation Graph 

Definition 1. zone: The characteristic set of a linear formula <f>, a clock con- 
straint of the form x c or a diagonal constraint of the form x — y ' c, where 
x,y € C, is the set of all valuations for which <f> holds. A zone is a finite union 
of characteristic sets. 

A zone graph is similar to a region graph[l] with the difference that each 
node consists of a timed automaton location and a zone. 

Definition 2. zone graph: For a timed automaton P = (L,Iq,E,I), a zone 
graph is a transition system (S, Sq, Lep, — >), where Lep — ActU{e}, e is an action 
corresponding to delay transitions of the processes of the zone, S C L x <2> V (C) 
is the set of nodes, s = (l , <j>o(C)), — >C S x Lep x S is connected, 4>o{C) is the 
formula where all the clocks in C are and <P V (C) denotes the set of all zones. 

Definition 3. Bisimulation between zone graphs 

For two zone graphs, Z\ = (Si, Si, Lep, — >i) and Z 2 = (S2, s 2 , Lep, -^2), Z\ 
is strongly bisimilar[9] to Z 2 , denoted as Zi ~ Z 2 , iff the nodes Si and s 2 are 
strongly bisimilar, denoted by Si <~ s 2 . 

While checking strong bisimulation between the two zone graphs, e is consid- 
ered visible similar to an action in Act. The e action represents a process delay 
d e K>o, where d > 0. Hence each node in the zone valuation graph has an 
e transition to itself. Besides as in region graph, e transitions are transitive in 
nature. To avoid clutter, the self loops and the transitive e transitions are not 
shown in any of the zone valuation graphs in this paper. We present here zone 
valuation graph as defined in [8]. One should note that a zone valuation graph 
corresponds to a particular timed process or valuation of the timed automaton. 

It is possible to have different zone graphs corresponding to a timed automa- 
ton. For a timed automaton A = (L, Iq, E, I) and a process r = (lj, ) 6 T(A), 
we are interested in a particular form of zone graph r ^ — (S, s r , Lep, — >•) which 
satisfies the following properties: 

1. set S is finite. 
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2. For every node s e S the zone corresponding to the constraints (j> s is convex. 

3. vi 6 |= (f> Sr . Note that may or may not satisfy <fro(C). 

4. For any two processes p, q G T(A), if their valuations satisfy the formula <f> T 
for the same node r G S then p ^ M g, i.e. p is time abstracted bisimilar to q. 

5. For two timed automata A\, A 2 and two processes p G T{A\) and g € T(A 2 ), 

z (A uP ) ~ Z(A 2 ,q) & P ~« 9- 

6. It should be minimal to the extent of preserving convexity of the zones and 

gives a canonical form. 

For any node s £ S, let £/(s) represent the set of all processes reachable from p 
with the same location as that of s and whose valuations satisfy (f> s . p is the initial 
clock valuation corresponding to which the zone valuation graph is created. The 
following definitions are from [8]. 

Definition 4. Span: For a given node s G S and a clock x € C, min x (s) and 
max x (s) represent the minimum and the maximum clock valuations of a clock x 
across all processes in node s. For x > c, min x (s) — c, forx > c, min x (s) = c+S 
and max x (s) = oo. For x < c, max x {s) — c, for x < c, max x (s) = c — 8 and 
min x — in both cases. Here S is a symbolic representation of an infinitesimally 
small value. We define range{x 1 s) as max x (s) — min x (s). The span of a node 
s € S is defined as Ai{s) — min{range(x, s) \ x G C}, i.e. minimum of all 
clocks' ranges. We define a clock y belonging to the set {y | range(y, s) — A4(s)} 
to be a critical clock of node s. 

For example, in a zone valuation graph with two clocks x and y, the span of a 
node s with <fi s — x > 3 and y < 1 is min(oo, 1 — S) = 1 — 6 whereas span for 
a node with <p s = x > 1 and y = 2 is mm(oo,0) = 0. We say that for a node 
s in the zone valuation graph, range(x, s) = m — I — 28 where valuations for 
clock x lie in the range I < x < m. It is to be noted that 25 is also a symbolic 
value. It is to be noted that for a given node s, range{x, s) is the same for all 
clock variables x € C if the zone corresponding to node s is not abstracted 
with respect to any clock variable. If the zone corresponding to s is abstracted 
with respect to one or more clock variables then for each such variable x G C, 
range(x, s) = oo. For example in figure 2, we show a timed automaton and part 
of its zone valuation graph. The zone corresponding to rightmost node in the 
part of the zone valuation graph shown inthc figure, is abstracted with respect to 
clock x and hence range(x, s) = oo, whereas range(y, s) = range(z, s) = 1 — 28. 

Definition 5. Given a timed automaton A, let Zi A ^ p \ be the zone valuation 
graph corresponding to process p € T(A). Let p' G T{A) be a process reachable 
fromp and s be the node of Z(A,p) su °h that p' G Q{s). Let x be a critical clock of 
s andvp'(x) denote the valuation of clock x for process p' . We define maximum 
admissible delay for p' in s as max x (s) — v p <(x). 

For example, from the figure describing zone valuation graph for automaton 1 in 
figure 6 , the maximum admissible delay for the process (A, x = 1) is 2 — 1 = 1. 

The algorithm for creating zone valuation graph consists of two phases. In 
the first phase, forward and backward analysis of the given timed automaton 
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(a) (b) 

Fig. 2. Range of clocks in zone valuation graph node 



produces a zone graph where zones are split based on a canonical decomposition 
[12] of the constraints on the outgoing edges in the timed automaton. In the 
second phase, the nodes in the zone valuation graph produced after phase 1 that 
are strongly bisimilar to each other are merged using Paige-Tarjan algorithm 
[10] to produce a canonical form of the zone valuation graph. After merging, 
every node in the zone valuation graph denotes time abstracted bisimilar classes 
of the timed LTS of the given timed automaton that preserves convexity. Note 
that after phase 1, strongly bisimilar nodes corresponding to different locations of 
the timed automaton can also be combined. In such case, we say that the location 
set of combined node is the set of locations of the nodes that are combined. 

Forward analysis may cause a zone graph to become infinite [5]. To ensure 
finitcncss of the zone graph, several kinds of abstractions have been proposed in 
the literature [4] [5] [6]. In [8], location dependent maximal constants abstraction 
[5] is used to get a finite zone valuation graph. 

The time complexity required for creation of zone valuation graph has also 
been derived given in [8]. In the worst case, the zone valuation graph created 
becomes same as region graph and hence the worst case complexity of creation of 
zone valuation graph is exponential in the number of clocks. For a given timed 
automaton, if n be the number of locations in the timed automaton and \S\ 
and m denote the number of nodes and edges respectively in the zone valuation 
graph produced after phase 1 of the algorithm, then the total time required in 
both phases for construction of the zone valuation graph is 0(n 2 (\C\ 3 n + \S\ x 
\C\ + n 2 x log n) + \S\ x log m). 



4 Equivalences and Preorders for Timed Systems 

We discuss here several bisimulations, simulation equivalences and preorders 
dealing with real time for timed processes that are states or valuations of a 
timed automaton execution. 

Definition 6. Timed bisimilarity: A binary symmetric relation IZt over the 
set of states of a TLTS is a timed bisimulation relation if whenever pilZ t p 2 , for 
each action a e Act and time delay d e M> 
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if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R.tp' 2 , and 
if pi A p[ then there is a transition p 2 A p' 2 such that p[lZ t p 2 . 
Timed bisimilarity ~ t is the largest timed bisimulation relation. 

Timed automata A\ and A 2 are timed bisimilar if the initial states in the corre- 
sponding TLTS are timed bisimilar. Matching each time delay in one automaton 
with identical delays in another automaton may be too strict a requirement. 
Time abstracted bisimilarity is the relation obtained by a relaxation of this re- 
quirement where p[ <~ t p' 2 is replaced uniformly by p\ ^ u p' 2 and the second 
clause of definition 6 is replaced by 

if Pi ^ Pi then there is a transition p 2 A p 2 , such that p[ ^ u p 2 . The delay d 
can be different from d' . 

Timed automata A\ and A 2 are time abstracted bisimilar if the initial states in 
the corresponding TLTS are time abstracted bisimilar. 

In this work, we introduce below interval bisimulation to bridge the gap 
between timed and time abstracted bisimulation and provide its game semantics 
later indicating how it can be decided using zone valuation graph. 

Definition 7. Interval bisimilarity: A binary symmetric relation IZi over the 
set of states of a TLTS is an interval bisimulation relation if whenever p{lZip 2 , 
for each action a € Act and time delays d, d! G R>q 

if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R,; L p 2 , and 

if Pi ~~ Pi then there is a transition p 2 A p' 2 such that p[lZip 2 and d! = d if 
frac(d) = and d! e ( \d\ , \d~\ ) otherwise. Here frac(d) denotes the fractional 
part of delay d. 

Interval bisimilarity ~j is the largest interval bisimulation relation. 

Definition 8. Time Abstracted Delay Bisimilarity: A binary symmetric 
relation 1Z V over the set of states of a TLTS is a time abstracted delay bisim- 
ulation relation if whenever pilZ y p 2 , for each action a e Act and time delays 
d, d' e R> a 

if Pi A p[ then there is a transition p 2 A A p' 2 such that p'{R, y p' 2 , and 

if pi A p[ then there is a transition p 2 A p 2 such that p'{H y p' 2 . 
Time abstracted delay bisimilarity ^ y is the largest time abstracted delay bisim- 
ulation relation. 

Definition 9. A time abstracted observational bisimulation relation, 1Z Q can be 
defined by replacing lZ y uniformly with 1Z in definition 8 and the first clause in 
definition 8 being replaced by the following: 

if pi A p[ then there is a transition p 2 AAA p' 2 such that p[lZ p 2 . Time 
abstracted observational bisimilarity, denoted by is the largest time abstracted 
observational bisimulation relation. 

Definition 10. Timed Simulation: A timed process p 2 is said to time sim- 
ulate process pi if there exists a relation IZi such that for each action a e Act 
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and time delay d G R> 

if pi 4})'] then there is a transition P2 — > p' 2 such that p'{R-\p' 2 , and 

if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R.\p' 2 . 

pi and p 2 are said to be timed simulation equivalent if pi time simulates p 2 and 

p 2 time simulates p\ . 

Thus corresponding to each of the bisimulation relation defined above, we can 
define a simulation equivalence. 

The following definition of timed performance prebisimulation is from [8]. 

Definition 11. Timed performance prebisimilarity: A binary relation B 
over the set of states of a TLTS is a timed performance prebisimulation relation 
if whenever p\Bp 2 , for each action a G Act and time delay d G M> 

if Pi A p' x then there is a transition p 2 A p 2 such that p[Bp 2 , and 
if p 2 A p' 2 then there is a transition p\ Ap'j such that p\Bp' 2 , and 

if pi A p\ then there is a transition p 2 A p 2 for d < d 1 such that p[Bp 2 ,and 

if Pi A p 2 then there is a transition pi A p[ for d> d 1 such that p[Bp 2 . 
Timed performance prebisimilarity ^ is the largest timed performance prebisim- 
ulation relation. 

4.1 Comparison Among these Relations 

It is easy to see from the definitions that strong timed bisimulation implies strong 
time-abstracted bisimulation whereas the converse is not true. Interval bisimu- 
lation lies in between timed bisimulation and time abstracted bisimulation and 
from the definitions, ^ u C ^ y C <~ G . Also existence of a bisimulation relation be- 
tween two processes implies the existence of the corresponding simulation equiva- 
lence. It is also easy to see that timed performance prebisimulation lies in between 
timed bisimulation and time abstracted bisimulation. Though not immediately 
evident, we will subsequently prove that timed performance prebisimulation is 
weaker than interval bisimulation. In figure 1, an arrow from one relation to the 
other denotes that the relation from which the arrow originates is stronger than 
the one to which it points. Hence we have ~ t => ~ j => ^ => ^ u => ~ y => ^ and it is 
easy to see that similar implication relations also exist among the corresponding 
simulation equivalences. Thus we obtain figure 1 where TZ\ — > 1Z 2 denotes that 
IZi is a strict subset of 7^2 • 

5 Game Characterization 

In [3], a hierarchy of games has been proposed that allows systematic compari- 
son of process equivalences for discrete processes. The process hierarchy of Van 
Glabbcck can be embedded in the game hierarchy defined in [3] . In this work we 
provide a similar game hierarchy so as to correspond to process equivalences and 
preorders that involve real time. Similar to the games in [3], our games are also 
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Ehrenfcucht-Frai'sse games where player I is known as the attacker and player 
II is called the defender. The game is played on a finite graph. In our case this 
finite graph is either the zone valuation graph or one of its variants as described 
later in detail. Corresponding to the two timed processes for which we want to 
check if they are related through one of the relations described in section 4, two 
graphs are first created on which the game is to be played. As in every EF game, 
the attacker chooses a graph and makes its move. The defender tries to repli- 
cate the move on the other graph. If the defender can always replicate the move 
the attacker makes, then it wins implying that the two processes are related 
through the relation that corresponds to the game. If at any point in time, the 
defender cannot replicate the move of the attacker, then it loses which implies 
that the two processes are not related through the corresponding relation. In a 
bisimulation game before any round, the attacker can also choose the graph on 
which it will make its move. The defender has to choose the other graph. If the 
attacker changes the graph between two consecutive rounds, it is known as an 
alternation. Alternations are not allowed in games corresponding to simulation 
equivalences. A game can be played infinitely or for a finite number of rounds. 
The moves made by the attacker or the defender can also differ from one game to 
another. In the EF games described in this section, the moves denote an action 
or a sequence of actions belonging to the set Act U {e}. Certain extra condi- 
tions can also be part of the game depending on the relation to which the game 
corresponds to. For example, in timed bisimulation game, after every move the 
defender needs to ensure that the span of its current node is exactly same as 
the span of the node in which the attacker resides. Ensuring the equality of the 
span is an extra condition. 

5.1 Game Template 

A timed game proposed in this work can be described using the grammar C ::= 
n — r k ' a 'P , C\ V £2- Each game is characterized by the following parameters 
as described below: 

- n : number of alternations. If not mentioned, it denotes no restriction on the 
number of alternations in the subgamc. 

- k : number of rounds; a subgame can have even infinite number of rounds. 

- G : underlying graph on which the game is played. It can be of the following 
types: Z denotes zone valuation graph, Z\ denotes the graph obtained after 
phase 1 of zone valuation graph construction. This can be used for games 
of time abstracted relations. Z sim denotes the graph that is obtained by 
combining the nodes of Z\ that are simulation equivalent. 

- a : a vector of two elements: the first element denotes the move chosen by 
attacker whereas the second element denotes the move chosen by defender. 

- j3 : extra condition in the game and may be of the following types: 

• = : This condition denotes that span has to be matched. We also use 
(si = s 2 ) to denote that the spans of nodes Si and s 2 should be the 
same. 
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• [=J : This condition denotes that the integer portion of the span has 
to be matched and if the decimal part of one span is 0, then so should 
be for the other. We also sometimes use (siL=J s 2) where S\ and S2 are 
nodes of the two zone valuation graphs. 

• G\ , < : Let the two graphs for the two timed processes be denoted by G\ 
and G2. This extra condition denotes that the span of any node in G\ 
should be less than or equal to the span of the corresponding bisimilar 
node in Gi. 

(3 if not specified denotes that there is no extra condition. 



5.2 Time Abstracted Bisimulation Game 

This is the EF bisimulation game played on the zone valuation graphs of two 
timed processes. There is no restriction on the number of rounds and the number 
of alternations. 

Lemma 1. The game T^ a ' a \ where a € Lep characterizes time abstracted 
bisimulation. 

Proof. This is a strong bisimulation game played on two zone valuation graphs. 
By construction of zone valuation graph, two processes are time abstracted bisim- 
ilar if their corresponding zone valuation graphs are strongly bisimilar. Hence 
the proof. □ 
Note that for any kind of time abstracted relation, the zone graph obtained 
after phase 1 of the zone valuation graph creation algorithm can be used. The 
intuition behind this is that in phase 2, the zones that are behaviorally similar 
(bisimilar or simulation equivalent) are combined in this phase. Only the span of 
the combined zone changes which is required for matching the time. Thus phase 
2 is important for timed relations only. 

Example 1. Figure 3 shows two timed automata and their corresponding zone 
valuation graphs for timed processes (A, x = 0) and (A', x — 0). The defender has 
a universal winning strategy for the game r^ a '°^ and hence the two processes 
are time abstracted bisimilar. 



5.3 Timed Bisimulation Game 

This game is same as the game for time abstracted bisimulation but has an extra 
condition which specifies that the spans of every pair of bisimilar nodes from the 
two zone valuation graphs should be equal. 

Lemma 2. The game p^ a > a ^- ; w here a G Lep characterizes timed bisimula- 
tion. 

Proof. In this game if the defender has a universal winning strategy then it 
implies that the two zone valuation graphs are strongly bisimilar and every pair 
of bisimilar nodes in the two zone valuation graphs have equal span. This implies 
that the two timeed processes are timed bisimilar. The detailed proof is given in 
[7]. □ 
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Automaton 1 Automaton 2 




x > 1 x > 2 



Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 

Fig. 3. Example of time abstracted bisimulation game 



Example 2. In this example, we consider two timed automata as given in [1]. 
Figure 4 shows the two timed automata and their corresponding zone valuation 
graphs for timed processes (A, x = 0) and (A',x = 0). The defender has a 
universal winning strategy for the game p^ a ' a ^~ anc j hence the two processes 
are timed bisimilar. In the figure, the spans of the nodes are indicated within 
parentheses. 

5.4 Interval Bisimulation Game 

This game is same as the game for timed bisimulation with the following dif- 
ference. Let s p and s q be the initial nodes of the zone valuation graphs corre- 
sponding to processes p and q. It is not required that the spans of s p and s q 
have to be equal but the integer parts of the spans should be the same and if 
the fractional part of one span is 0, so should be for the other node. Thus the 
game characterization for interval bisimulation is r^ > '^ a ' a ' > '( s pL-_K' Si - S2 ) ^ ^gj-g 
(si, s 2 ) ^ {s p , s q ) and a e Lep. 

Theorem 1. A universal winning strategy for the defender in the game p^ a ^^- 
where (si, S2) ^ (s p , s q ) and a € Lep denotes that the two timed processes p and 
q are interval bisimilar. Here s p and s q are the initial nodes of the two zone 
valuation graphs. 

Proof. For the initial nodes s p and s q , [M(s p )\ = [M(s q )\, i.e. the integer 
portions of the spans match and frac(A4(s p )) = <^=> frac(M.(s q )) — and for 
the rest of the bisimilar nodes from the two zone valuation graphs, their spans 
are equal => <~j. This implication is easy to see. 

~i => for initial nodes s p and s q , frac(M(s p )) = <^=> frac(M(s q j) = and 
LA1(sp)J = |yVJ(s,j)J, i.e. the integer portions of the spans match and for the 
rest of the bisimilar nodes from the two zone valuation graphs, their spans have 
to be equal. 
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X > 1 

Zone valuation graph for automaton 1 




Zone valuation graph for automaton 2 

Fig. 4. Example of timed bisimulation game 



We prove this below. Considering the initial nodes, there can be two cases: 

1. frac(A4(s p )) = 0. By the definition of interval bisimulation Ai(s q ) = Ai(s p ). 

2. when frac(Ai(s p )) ^ 0. From the definition of interval bisimulation, this 
also requires that frac(M(s q )) ^ 0. 

Also it is straightforward to see that for p and q to be interval bisimilar, 
[frac(M(s p ))\ = [frac(M(s q ))\ , i.e. their integer parts are the same. We 
can prove this by contradiction. Suppose without loss of generality, the in- 
teger parts of the spans of s p and s q are respectively t and t + I, where t 
and I are positive integers. Thus p can make a delay d = t + 1 to become p' 
whereas q cannot make a delay t + 1 such that q q' and p' <~j q' since 

such ap'^ Q{s P ) whereas q' € Q{s q ). 

For the bisimilar nodes apart from the pair of initial nodes in the two zone 
valuation graphs, the spans have to be exactly same. The span of a node can 
be of the forms t, t — 6 or t — 25, where 5 symbolizes an infinitesimally small 
number. 

Exactly with the same argument as above, we can show that two processes 
p and q cannot be interval bisimilar if any two bisimilar nodes in their corre- 
sponding zone graphs have spans t and t + l, where t and I are positive integers. 

Now we consider the case where the spans of two bisimilar nodes are t and 

tv 

t — 5. Let p — > p , where tr € Lep + and p € Q(s p i) and A4(s p i) = t. Similarly, 
let us suppose q q' and q' e G(s q >) and M(s q >) = t — 5 and s p ' and s q > form 
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the pair of bisimilar nodes. We prove that in such a case p and q are not interval 
bisimilar. 

Let in the paths from s p to s p > and from s q to s q i, s pi and s qi be the first 
pair of nodes that are strongly bisimilar to each other such that the spans of s pi 
and s qi be m and m — 8 respectively. It is possible that s pi is same as s p ' and 
s qi is same as s q i . There can be two cases which can cause the span of s qi to be 
m — 8. 

1. Lower limit of value of the critical clock y is j + 8 and the upper limit being 
j + m where j is an integer. 

2. Lower limit of value of the critical clock y is the integer j and the upper 
limit being j + m — 8. 

We start with the first case. Let p\ € Q (s Pl ) be the process such that min y (s Pl ) = 
v Pl (y) = j. Now we consider the transitions from p to p\ by delays of 1 time unit 
interspersed with visible action transitions. Process q being interval bisimilar to 
p, performs the same actions. The delays of 1 time unit by the p-derivatives are 
exactly matched by the ^-derivatives. 

However, process q by executing the same trace as executed by p to evolve 
into pi will not lead into a process belonging to Q{s qi ) since the valuation of 
every clock of the q derivative by executing the trace will be an integer and will 
not be of the form j + 8. Thus p and q are not interval bisimilar if the lower limit 
of the valuation of their critical clocks are both not integers. 

We can also prove similarly for the second case too that p and q will not be 
interval bisimilar. 

Now let us consider the case where the spans of two bisimilar nodes are of 
the form m and m — 28. Similar to the proof of the case where the spans are m 
and m — 8, it can be proved that processes p and q are not interval bisimilar. 
The proof for the case where the spans are of the form m — 8 and m — 28 is also 
very similar. □ 

Corollary 1. p <~j q p ^ q, where p and q are two timed processes. 

Proof. Suppose p and q are interval bisimilar and let their zone valuation graphs 
be ZA lyP and Za 2 , q respectively with initial nodes s p and s q . Without loss of 
generality, say Ai(s p ) > Ai(s q ). Let B be a strong bisimulation relation such 
that for (s p , s q ) e B, M{s p ) > M(s q ) and for the rest of the pairs of bisimilar 
nodes in B, their spans are equal. This implies that B is a timed performance 
prebisimulation relation. □ 

Example 3. Figure 5 (a) and (b) show two timed automata processes (A, 2.4) and 
(A 1 , 0.8) and their corresponding zone valuation graphs in (c) and (d) respecively. 
The defender has a universal winning strategy for the game p^ a ^^ s f L-J s i> s i— 
where (si,S2) 7^ (s p ,s q ) and a e Lep and hence the two processes are interval 
bisimilar Here s p and s q are the initial nodes of the zone valuation graphs corre- 
sponding to processes (A, 2.4) and (A', 0.8). Note that the two timed automata 
states (A, 2.4) and (A', 0.8) 
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Fig. 5. Figures (c) and (d) arc zone 
(A 1 , 0.8) respectively 




valuation graphs for states (A, 2.4) and 



5.5 Time Abstracted Delay Bisimualtion Game 

Lemma 3. The game p^( a > E ^ a ') > where a € Lep characterizes time abstracted 
delay bisimualtion. 

Proof. : Since e in the graph represents a process delay, it is immediate from the 
definition of time abstracted delay bisimualtion. □ 

Example 4- Figure 6 shows two timed automata and their corresponding zone 
valuation graphs for timed processes {A, 0) and {A', 0). (A', 0) can perform an a 
action whereas (A, 0) can perform a after performing an e. The defender has a 
universal winning strategy for the game F^"' and hence the two processes 
are time abstracted delay bisimilar. 

0^ 

Automaton 1 




Automaton 2 



x < 2 2<x<7 x>2 

e 



x < 3 

(A') 
£ 



x > 7 



x > 3 



Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 



Fig. 6. Example of time abstracted delay bisimulation game 
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5.6 Time Abstracted Observational Bisimulation Game 

Lemma 4. The game r^ a ' e ^ a ^ e ^ where a G Lep characterizes time abstracted 
observational bisimualtion. 

Proof. Immediate from the definition of time abstracted observational bisimula- 
tion game. □ 
From the definition, this game can be defined as r^ a ' e ^" 1 ^ r£ ^ where a e Lep. 

Example 5. In figure 7, two timed automata from [12] are shown that are time 
abstracted observation bisimilar but not time abstracted delay bisimilar. Figure 8 
shows the corresponding zone valuation graphs and we can see that the defender 
has a universal winning strategy for the game r^ a ' £ ^ ,a ^ r£ \ 




Fig. 7. A and A' are time abstracted observation bisimilar but not time ab- 
stracted delay bisimilar 




Fig. 8. Time abstracted observation bisimulation game for automata shown in 
figure 7 



5.7 Time Abstracted Simulation Equivalence Game 

This game is similar to that of time abstracted bisimulation but dos not involve 
any alternation. 

Lemma 5. The game is 0— r^ a ' a ^ where a € Lep characterizes time abstracted 
simulation equivalence. 
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Proof. Time abstracted simulation equivalence game can be considered to be 
a discrete simulation equivalence game which is a discrete bisimulation game 
without any alternation. Hence the proof. □ 
Note that this game can also be played on the following zone graphs. 

1. Like other time abstracted games, the zone graph Z\ obtained after phase 1 
of zone valuation graph generation. 

2. A phase 2 can be executed, but in stead of combining the nodes that are 
strongly bisimilar to each other, the nodes that are simulation equivalent to 
each other are combined to get a canonical form of the zone valuation graph, 
where the nodes denote simulation equivalent classes of the timed automata 
valuations. 

On similar lines, we can also define the games for time abstracted delay bisim- 
ulation equivalence and time abstracted observational bisimulation equivalence 
as — r^ a ' £ ^°^ and — 1^"' 6 ^ a ^ E '> respectively, where a <G Lep. 

5.8 Timed Simulation Equivalence Game 

Designing this game is tricky when the equivalence includes real time. In the 
untimcd domain as in [3], a simulation equivalence game can be obtained from 
the bisimulation game by restricting the number of alternations to 0. In the 
timed version though, this is not the case. Thus the game 

_ r Z,(a,a),= where 

a e Lep does not characterize timed simulation equivalence. This can be shown 
with the following example: 

Example 6. Figure 9 shows two timed automata and their corresponding zone 
valuation graphs for timed processes (A, x = 0) and (A' , x = 0). In the first zone 
valuation graph, corresponding to location A, the nodes that are created arc 
named A\, A^ and A3 for convenience. The two processes are timed simulation 
equivalent though the defender does not have a universal winning strategy in 
the game — j^^ a ' a ^~ as th c S p ans f A\ and A' do not match. Note that here 
Ai and A 2 are not strongly bisimilar and hence cannot be merged while creating 
the canonical form of the zone valuation graph through phase 2. 

Phase 2 is modified so as to merge the nodes that are simulation equivalent. 
Here A\ and A2 are simulation equivalent and thus can be merged to get Z S i m on 
which the game can be played. The nodes of the graph Z sim denote the simulation 
equivalent classes of the corresponding timed LTS. The defender here has a 
universal winning strategy when the game is played on this variant of the zone 
valuation graph. 

Lemma 6. The game — /^«™>{ a > a >>- characterizes timed simulation equiva- 
lence. 
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Automaton 1 Automaton 2 



a 



x< 1 1 <I< 2 re > 2 




x > 

Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 

Fig. 9.0 — r^ a ' a ^~ game does not characterize timed simulation equivalence. 
It is characterized by - r£* 4ro ' <0 ' 0> ' = . 



5.9 Timed Performance Prebisimulation Game 

In [8], it has been shown that two timed processes are timed performance pre- 
bisimilar iff their zone valuation graphs are strongly bisimilar and for each pair 
of strongly bisimilar nodes, all nodes from one zone valuation graph should be 
equal to or smaller than the corresponding bisimilar node of the other graph. 
We can design the game as disjunction of two games. In the first game, while 
checking if the zone valuation graphs G\ and Gi are strongly bisimilar, we also 
check if the spans of the nodes of graph G\ is less than or equal to the spans 
of corresponding bisimilar nodes of graph G2. If the defender loses this game, 
then the second game is played which differs from the first subgame in the extra 
condition that now it is checked that if the span of the nodes in graph G 2 is 
less than or equal to the span of the bisimilar nodes of G\. The game described 
above thus is r£<°'°>'< Gl ^ V r£< '°>'< G ^>. 

Lemma 7. The game j^'(°' ^( Gl '-) v j^'(°' ^( G2 '-) characterizes timed -per- 
formance prebisimulation. 

Example 7. In this example, we consider the two timed automata from [8]. The 
two timed automata in figure 10 are related through timed prebisimulation rela- 
tion. The automaton in the left is at least as fast as the automaton on the right, 
since the second a action should be performed within a time interval of one time 
unit after the first a action whereas in the second timed automaton, the second 
a can be performed within an interval of two time units after the first action. 
The game j 1 ^ ' )'^ 1 '-) v /"^'( a > a )>( G2 >-) j s played on the their corresponding 
zone valuation graphs which are shown in figure 11. The defender has a universal 
winning strategy. 
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Fig. 10. Example: Timed prebisimulation relation 

l)<x<l x = l X > 1 u < X < 1 x = 1 x > 1 




Fig. 11. Example: Zone valuation graph of timed automata shown in figures 10 



6 Hierarchy of Games 



The following lemmas describe the hierarchy across different timed games that 
are obtained by assigning different values to each of the parameters in the game 
template. The arrow from the game on the left to the game on the right denotes 
that if the defender has a universal winning strategy for the game on the left, 
then it also has a universal winning strategy for the game on the right. Besides 
for each pair of games, if i~i — > _T 2 , then _T 2 7^ A- 

Lemma 8. — >n- 

This lemma states that if the defender has a universal winning strategy in a 
game with no restriction on alternations, then it will also win a game with finite 
number of alternations if the other parameters do not change. 

Lemma 9. rg- a >' 5 — > rf ' a,/3 

This lemma states that if the defender has a universal winning strategy in a 
game with infinite number of rounds, then it will also win in a game with finite 
number of rounds. 

Lemma 10. n - r fe G ' a '= — > n - r^ a ' l=l 

n _ r G, a ,= ^ n _ r G, a ,( Gl ,<) 
n _ r G, a ,= ^ n _ r G, a ,(G 2 ,<) 

n 



_ r <W=j _, n _ r G,a,(G 1 ,<) v n _ r G,«,(G 2 ,<) 



Corollary 2. r gAa,a) ,( Sp l-ls q , Sl s 2 ) ^ ^at («i, s 2 ) 7^ (s P ,s q ) — -> T c 



Z,(o,a),(Gi 
00 



r Z,{a,a),(G 2 ,<) 
1 00 
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Fig. 12. Hierarchy of timed games 



This is immediate from lemma 10. 

Lemma 11. n - lf' <a ' a> ^ — ► n - r^ {a ' £ ^ a)Jj — ► n - r ^ {a ' £ ^ e) ' 

This is true since every node in the zone valuation graph has an implicit edge 
labelled with e. Here a G Lep. 

Lemma 12. n - if' (a ' a> ^ — ► n - r^ im ' (a ' a) '^ 

Thus assigning different values to each of these parameters n^, fcj, G^, a,, /3j in 
the zth subgame, we can generate a complete game hierarchy using the lemmas 
given above. Below we give a diagram which shows the hierarchy of the games 
that correspond to the timed relations in figure 1. The diagram in figure 12 is 
only a small part of the entire hierarchy of timed games defined in this paper 
and as in [3], this leaves us with the scope of defining several timed relations 
or embed existing relations that are not discussed in this paper into this game 
hierarchy. 



7 Conclusion 

In this paper, we have presented a hierarchy of games that can be played between 
two timed processes where these processes denote valuations of timed automata. 
Timed automata is a well studied formalism and the decidability results corre- 
sponding to several relations are known with respect to timed automata. The 
hierarchy among the games reflects the hierarchy among the timed relations. 
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The game hierarchy also allows us to embed several other timed relations that 
are not discussed in this paper. The closest to our works are [11] and [3]. Bisim- 
ulation games were first introduced in [11] and the game was extended in [3] 
where similar EF games have been designed to characterize process equivalences 
appearing in Van Glabbeek's spectrum [13]. As in [3], in our work too we provide 
a game template from which the entire hierarchy can be generated by assigning 
different values to the template parameters. However our case is more difficult 
since we deal with equivalences and preorders that involve real time. The main 
challenge here lies in designing the graph structure on which a game has to be 
played. We found that zone valuation graph introduced in [8] and its variants to 
be appropriate for this purpose. 
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in 

\q 1 Introduction 

O 

Bisimulation games [11] have been defined for discrete procsses. Surpisingly, 
there are no game semantics for similar relations with real time. In this pa- 
per, we extend bisimulation games to provide a coherent game structure for 
k> equivalence and preorder relations that involve real time. In [13], several se- 

5_i mantic equivalences have been defined and compared in a model independent 

way. Some of these equivalences have been extended for real time as well. For 
example, there are well known notions of equivalences which include timed bisim- 
ulation and time abstracted bisimulation. In [12], equivalences even weaker than 
time abstracted bisimulation have been defined. They are time abstracted delay 
bisimulation and time abstracted observational bisimulation. In timed bisimula- 
tion, every time delay needs to be matched exactly which makes it a very strong 
form of equivalence. Time abstracted bisimulation on the other hand is a much 
weaker form of equivalence where a time delay by one process can be matched 
by any delay so that the respective derivatives are time abstracted bisimilar. To 
bridge this gap, in this paper we introduce interval bisimulation which lies in 
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between timed and time abstracted bisimulation. We can also conceive of a simu- 
lation relation corresponding to each of these bisimulation relations. In this work, 
we consider the hierarchy of these timed relations. Apart from proposing inter- 
val bisimulation and simulation equivalences corresponding to each well known 
bisimulation relation, the main contribution of this work includes proposing a 
generalized game semantics for these timed relations. This generalized game se- 
mantics will have certain parameters which being assigned different values can 
correspond to each of the relations shown in figure 1. For the sake of completion 
of this spectrum of timed relations, we also include timed performance prebisim- 
ulation which has been proposed in the recent work [8]. In this work, more 
particularly, we propose the game semantics for timed automata processes. We 
choose timed automata since it is a well studied formalism and the decidabil- 
ity results for many of the relations based on timed automata are known. In 
contrast to Van Glabbeek's spectrum, at this point of time, we do not consider 
any form of trace equivalence in our work. We also do not consider either timed 
counterparts of relations like 2-nested simulation preorder or ready equivalence 
since the study of such relations are not known with respect to real time to the 
best of our knowledge. Game semantics for the equivalences in Van Glabbeek's 
spectrum has been proposed in [3]. In figure 1, we present a spectrum of the 
timed relations mentioned above. In section 2, we present timed automata and 
its semantics briefly. In section 3, we present zone valuation graph as defined in 
[8]. Section 4 describes several timed relations and compares them. In section 5, 
we present the game characterizations of these timed relations. In section 6, we 
provide several lemmas that can be used to construct the hierarchy of the timed 
games. We conclude in section 7. 

2 Timed Automata 

Timed automata [2] is an approach to model time critical systems where the 
system is modeled with clocks that track elapsed time. Timing of actions and 
time invariants on states can be specified using this model. 

A timed automaton is a finite-state structure which can manipulate real- 
valued clock variables. Corresponding to every transition, a subset of the clocks 
can be specified that can be reset to zero. In this paper, the clocks that are 
reset in a transition are shown as being enclosed in braces. Clock constraints 
also specify the condition for actions being enabled. If the constraints are not 
satisfied, the actions will be disabled. Constraints can also be used to specify 
the amount of time that may be spent in a location. The clock constraints B(C) 
over a set of clocks C is given by the following grammar: 

g ::= x — c | g A g 

where c e N and x € C and - e {<, <, =, >, >}. A timed automaton over a 
finite set of clocks C and a finite set of actions Act is a quadruple (L, Iq, E, I) [1] 
where L is a finite set of locations, ranged over by I, Iq € L is the initial location, 
E C L x B(C) x Act x 2 C x L is a finite set of edges, and I : L -> B(C) 
assigns invariants to locations. 
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Timed Simulation Equivalence 



Interval simulation equivalence 



Time abstracted simulation 
equivalence 



Timed bisimulation 



Interval bisimulation 

I 

Timed performance prebisimulation 



Time abstracted bisimulation 



Time abstracted delay bisimulation 



Time abstracted delay simulation Tme abgtracted observational bisimulation 
equivalence 



Time abstracted observational simulation 
equivalence 

Fig. 1. Spectrum of timed relations 



2.1 Semantics 

The semantics of a timed automaton can be described with a timed labeled 
transition system(TLTS)[l]. Let A = (L,Iq, E, I) be a timed automaton over a 
set of clocks C and a set of visible actions Act. The timed transition system T(A) 
generated by A can be defined as T(A) = (Proc, Lab, \a € Lab}), where 
Proc = {(I, v) | (I, v) € L x (C — > M>o) and v \= 1(1)}, i.e. states are of the form 
(l,v), where / is a location of the timed automaton and v is a valuation that 
satisfies the invariant of I. We use the terms process and state interchangeably 
in this text. Lab = Act U R>o is the set of labels; and the transition relation is 
defined by (l,v) {l',v') if for an edge (I g -^> I') e E, v \= g,v' = v[r] and 
v' \= 1(1'), where an edge (I g -~-l V) denotes that I is the source location, g is 
the guard, a is the action, r is the set of clocks to be reset and V is the target 
location. (I, v) — > (I, v + d) for all d G ]R>o such that v \= 1(1) and v + d \= 1(1) 
where v + d is the valuation in which every clock value is incremented by d. Let 
v a denote the valuation such that Vq(x) = for all x £ C. If v satisfies the 
invariant condition of the initial location Iq, then (^^o) is the initial state or 
the initial configuration of T(A). 



3 Graph Structure for Games 



A bisimulation game [11] [3] is a two player game and consists of two graph struc- 
tures on which the game is played. The graphs are the visual representation of 
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the two process descriptions for which the existence of a bisimulation relation 
has to be checked. For the games corresponding to timed equivalence and timed 
preorder relations too, we need to use a graph structure on which such timed 
games can be played. In this paper, we show how zone valuation graph [8] and 
some of its variants are used as the graph structure on which the games corre- 
sponding to the timed relations are played. One must note that zone valuation 
graph cannot be directly used in all the games discussed later. We may require 
certain modifications in the graph structure to characterize the games for various 
timed relations. 

We briefly describe zone valuation graph. For this we first introduce zone 
and zone graph. The following two definitions are from [14]. 

3.1 Zone Valuation Graph 

Definition 1. zone: The characteristic set of a linear formula <f>, a clock con- 
straint of the form x c or a diagonal constraint of the form x — y ' c, where 
x,y € C, is the set of all valuations for which <f> holds. A zone is a finite union 
of characteristic sets. 

A zone graph is similar to a region graph[l] with the difference that each 
node consists of a timed automaton location and a zone. 

Definition 2. zone graph: For a timed automaton P = (L,Iq,E,I), a zone 
graph is a transition system (S, Sq, Lep, — >), where Lep — ActU{e}, e is an action 
corresponding to delay transitions of the processes of the zone, S C L x <2> V (C) 
is the set of nodes, s = (l , <j>o(C)), — >C S x Lep x S is connected, 4>o{C) is the 
formula where all the clocks in C are and <P V (C) denotes the set of all zones. 

Definition 3. Bisimulation between zone graphs 

For two zone graphs, Z\ = (Si, Si, Lep, — >i) and Z 2 = (S2, s 2 , Lep, -^2), Z\ 
is strongly bisimilar[9] to Z 2 , denoted as Zi ~ Z 2 , iff the nodes Si and s 2 are 
strongly bisimilar, denoted by Si <~ s 2 . 

While checking strong bisimulation between the two zone graphs, e is consid- 
ered visible similar to an action in Act. The e action represents a process delay 
d e K>o, where d > 0. Hence each node in the zone valuation graph has an 
e transition to itself. Besides as in region graph, e transitions are transitive in 
nature. To avoid clutter, the self loops and the transitive e transitions are not 
shown in any of the zone valuation graphs in this paper. We present here zone 
valuation graph as defined in [8]. One should note that a zone valuation graph 
corresponds to a particular timed process or valuation of the timed automaton. 

It is possible to have different zone graphs corresponding to a timed automa- 
ton. For a timed automaton A = (L, Iq, E, I) and a process r = (lj, ) 6 T(A), 
we are interested in a particular form of zone graph r ^ — (S, s r , Lep, — >•) which 
satisfies the following properties: 

1. set S is finite. 
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2. For every node s e S the zone corresponding to the constraints (j> s is convex. 

3. vi 6 |= (f> Sr . Note that may or may not satisfy <fro(C). 

4. For any two processes p, q G T(A), if their valuations satisfy the formula <f> T 
for the same node r G S then p ^ M g, i.e. p is time abstracted bisimilar to q. 

5. For two timed automata A\, A 2 and two processes p G T{A\) and g € T(A 2 ), 

z (A uP ) ~ Z(A 2 ,q) & P ~« 9- 

6. It should be minimal to the extent of preserving convexity of the zones and 

gives a canonical form. 

For any node s £ S, let £/(s) represent the set of all processes reachable from p 
with the same location as that of s and whose valuations satisfy (f> s . p is the initial 
clock valuation corresponding to which the zone valuation graph is created. The 
following definitions are from [8]. 

Definition 4. Span: For a given node s G S and a clock x € C, min x (s) and 
max x (s) represent the minimum and the maximum clock valuations of a clock x 
across all processes in node s. For x > c, min x (s) — c, forx > c, min x (s) = c+S 
and max x (s) = oo. For x < c, max x {s) — c, for x < c, max x (s) = c — 8 and 
min x — in both cases. Here S is a symbolic representation of an infinitesimally 
small value. We define range{x 1 s) as max x (s) — min x (s). The span of a node 
s € S is defined as Ai{s) — min{range(x, s) \ x G C}, i.e. minimum of all 
clocks' ranges. We define a clock y belonging to the set {y | range(y, s) — A4(s)} 
to be a critical clock of node s. 

For example, in a zone valuation graph with two clocks x and y, the span of a 
node s with <fi s — x > 3 and y < 1 is min(oo, 1 — S) = 1 — 6 whereas span for 
a node with <p s = x > 1 and y = 2 is mm(oo,0) = 0. We say that for a node 
s in the zone valuation graph, range(x, s) = m — I — 28 where valuations for 
clock x lie in the range I < x < m. It is to be noted that 25 is also a symbolic 
value. It is to be noted that for a given node s, range{x, s) is the same for all 
clock variables x € C if the zone corresponding to node s is not abstracted 
with respect to any clock variable. If the zone corresponding to s is abstracted 
with respect to one or more clock variables then for each such variable x G C, 
range(x, s) = oo. For example in figure 2, we show a timed automaton and part 
of its zone valuation graph. The zone corresponding to rightmost node in the 
part of the zone valuation graph shown inthc figure, is abstracted with respect to 
clock x and hence range(x, s) = oo, whereas range(y, s) = range(z, s) = 1 — 28. 

Definition 5. Given a timed automaton A, let Zi A ^ p \ be the zone valuation 
graph corresponding to process p € T(A). Let p' G T{A) be a process reachable 
fromp and s be the node of Z(A,p) su °h that p' G Q{s). Let x be a critical clock of 
s andvp'(x) denote the valuation of clock x for process p' . We define maximum 
admissible delay for p' in s as max x (s) — v p <(x). 

For example, from the figure describing zone valuation graph for automaton 1 in 
figure 6 , the maximum admissible delay for the process (A, x = 1) is 2 — 1 = 1. 

The algorithm for creating zone valuation graph consists of two phases. In 
the first phase, forward and backward analysis of the given timed automaton 
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(a) (b) 

Fig. 2. Range of clocks in zone valuation graph node 



produces a zone graph where zones are split based on a canonical decomposition 
[12] of the constraints on the outgoing edges in the timed automaton. In the 
second phase, the nodes in the zone valuation graph produced after phase 1 that 
are strongly bisimilar to each other are merged using Paige-Tarjan algorithm 
[10] to produce a canonical form of the zone valuation graph. After merging, 
every node in the zone valuation graph denotes time abstracted bisimilar classes 
of the timed LTS of the given timed automaton that preserves convexity. Note 
that after phase 1, strongly bisimilar nodes corresponding to different locations of 
the timed automaton can also be combined. In such case, we say that the location 
set of combined node is the set of locations of the nodes that are combined. 

Forward analysis may cause a zone graph to become infinite [5]. To ensure 
finitcncss of the zone graph, several kinds of abstractions have been proposed in 
the literature [4] [5] [6]. In [8], location dependent maximal constants abstraction 
[5] is used to get a finite zone valuation graph. 

The time complexity required for creation of zone valuation graph has also 
been derived given in [8]. In the worst case, the zone valuation graph created 
becomes same as region graph and hence the worst case complexity of creation of 
zone valuation graph is exponential in the number of clocks. For a given timed 
automaton, if n be the number of locations in the timed automaton and \S\ 
and m denote the number of nodes and edges respectively in the zone valuation 
graph produced after phase 1 of the algorithm, then the total time required in 
both phases for construction of the zone valuation graph is 0(n 2 (\C\ 3 n + \S\ x 
\C\ + n 2 x log n) + \S\ x log m). 



4 Equivalences and Preorders for Timed Systems 

We discuss here several bisimulations, simulation equivalences and preorders 
dealing with real time for timed processes that are states or valuations of a 
timed automaton execution. 

Definition 6. Timed bisimilarity: A binary symmetric relation IZt over the 
set of states of a TLTS is a timed bisimulation relation if whenever pilZ t p 2 , for 
each action a e Act and time delay d e M> 
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if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R.tp' 2 , and 
if pi A p[ then there is a transition p 2 A p' 2 such that p[lZ t p 2 . 
Timed bisimilarity ~ t is the largest timed bisimulation relation. 

Timed automata A\ and A 2 are timed bisimilar if the initial states in the corre- 
sponding TLTS are timed bisimilar. Matching each time delay in one automaton 
with identical delays in another automaton may be too strict a requirement. 
Time abstracted bisimilarity is the relation obtained by a relaxation of this re- 
quirement where p[ <~ t p' 2 is replaced uniformly by p\ ^ u p' 2 and the second 
clause of definition 6 is replaced by 

if Pi ^ Pi then there is a transition p 2 A p 2 , such that p[ ^ u p 2 . The delay d 
can be different from d' . 

Timed automata A\ and A 2 are time abstracted bisimilar if the initial states in 
the corresponding TLTS are time abstracted bisimilar. 

In this work, we introduce below interval bisimulation to bridge the gap 
between timed and time abstracted bisimulation and provide its game semantics 
later indicating how it can be decided using zone valuation graph. 

Definition 7. Interval bisimilarity: A binary symmetric relation IZi over the 
set of states of a TLTS is an interval bisimulation relation if whenever p{lZip 2 , 
for each action a € Act and time delays d, d! G R>q 

if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R,; L p 2 , and 

if Pi ~~ Pi then there is a transition p 2 A p' 2 such that p[lZip 2 and d! = d if 
frac(d) = and d! e ( \d\ , \d~\ ) otherwise. Here frac(d) denotes the fractional 
part of delay d. 

Interval bisimilarity ~j is the largest interval bisimulation relation. 

Definition 8. Time Abstracted Delay Bisimilarity: A binary symmetric 
relation 1Z V over the set of states of a TLTS is a time abstracted delay bisim- 
ulation relation if whenever pilZ y p 2 , for each action a e Act and time delays 
d, d' e R> a 

if Pi A p[ then there is a transition p 2 A A p' 2 such that p'{R, y p' 2 , and 

if pi A p[ then there is a transition p 2 A p 2 such that p'{H y p' 2 . 
Time abstracted delay bisimilarity ^ y is the largest time abstracted delay bisim- 
ulation relation. 

Definition 9. A time abstracted observational bisimulation relation, 1Z Q can be 
defined by replacing lZ y uniformly with 1Z in definition 8 and the first clause in 
definition 8 being replaced by the following: 

if pi A p[ then there is a transition p 2 AAA p' 2 such that p[lZ p 2 . Time 
abstracted observational bisimilarity, denoted by is the largest time abstracted 
observational bisimulation relation. 

Definition 10. Timed Simulation: A timed process p 2 is said to time sim- 
ulate process pi if there exists a relation IZi such that for each action a e Act 
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and time delay d G R> 

if pi 4})'] then there is a transition P2 — > p' 2 such that p'{R-\p' 2 , and 

if Pi A p\ then there is a transition p 2 A p' 2 such that p'{R.\p' 2 . 

pi and p 2 are said to be timed simulation equivalent if pi time simulates p 2 and 

p 2 time simulates p\ . 

Thus corresponding to each of the bisimulation relation defined above, we can 
define a simulation equivalence. 

The following definition of timed performance prebisimulation is from [8]. 

Definition 11. Timed performance prebisimilarity: A binary relation B 
over the set of states of a TLTS is a timed performance prebisimulation relation 
if whenever p\Bp 2 , for each action a G Act and time delay d G M> 

if Pi A p' x then there is a transition p 2 A p 2 such that p[Bp 2 , and 
if p 2 A p' 2 then there is a transition p\ Ap'j such that p\Bp' 2 , and 

if pi A p\ then there is a transition p 2 A p 2 for d < d 1 such that p[Bp 2 ,and 

if Pi A p 2 then there is a transition pi A p[ for d> d 1 such that p[Bp 2 . 
Timed performance prebisimilarity ^ is the largest timed performance prebisim- 
ulation relation. 

4.1 Comparison Among these Relations 

It is easy to see from the definitions that strong timed bisimulation implies strong 
time-abstracted bisimulation whereas the converse is not true. Interval bisimu- 
lation lies in between timed bisimulation and time abstracted bisimulation and 
from the definitions, ^ u C ^ y C <~ G . Also existence of a bisimulation relation be- 
tween two processes implies the existence of the corresponding simulation equiva- 
lence. It is also easy to see that timed performance prebisimulation lies in between 
timed bisimulation and time abstracted bisimulation. Though not immediately 
evident, we will subsequently prove that timed performance prebisimulation is 
weaker than interval bisimulation. In figure 1, an arrow from one relation to the 
other denotes that the relation from which the arrow originates is stronger than 
the one to which it points. Hence we have ~ t => ~ j => ^ => ^ u => ~ y => ^ and it is 
easy to see that similar implication relations also exist among the corresponding 
simulation equivalences. Thus we obtain figure 1 where TZ\ — > 1Z 2 denotes that 
IZi is a strict subset of 7^2 • 

5 Game Characterization 

In [3], a hierarchy of games has been proposed that allows systematic compari- 
son of process equivalences for discrete processes. The process hierarchy of Van 
Glabbcck can be embedded in the game hierarchy defined in [3] . In this work we 
provide a similar game hierarchy so as to correspond to process equivalences and 
preorders that involve real time. Similar to the games in [3], our games are also 
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Ehrenfcucht-Frai'sse games where player I is known as the attacker and player 
II is called the defender. The game is played on a finite graph. In our case this 
finite graph is either the zone valuation graph or one of its variants as described 
later in detail. Corresponding to the two timed processes for which we want to 
check if they are related through one of the relations described in section 4, two 
graphs are first created on which the game is to be played. As in every EF game, 
the attacker chooses a graph and makes its move. The defender tries to repli- 
cate the move on the other graph. If the defender can always replicate the move 
the attacker makes, then it wins implying that the two processes are related 
through the relation that corresponds to the game. If at any point in time, the 
defender cannot replicate the move of the attacker, then it loses which implies 
that the two processes are not related through the corresponding relation. In a 
bisimulation game before any round, the attacker can also choose the graph on 
which it will make its move. The defender has to choose the other graph. If the 
attacker changes the graph between two consecutive rounds, it is known as an 
alternation. Alternations are not allowed in games corresponding to simulation 
equivalences. A game can be played infinitely or for a finite number of rounds. 
The moves made by the attacker or the defender can also differ from one game to 
another. In the EF games described in this section, the moves denote an action 
or a sequence of actions belonging to the set Act U {e}. Certain extra condi- 
tions can also be part of the game depending on the relation to which the game 
corresponds to. For example, in timed bisimulation game, after every move the 
defender needs to ensure that the span of its current node is exactly same as 
the span of the node in which the attacker resides. Ensuring the equality of the 
span is an extra condition. 

5.1 Game Template 

A timed game proposed in this work can be described using the grammar C ::= 
n — r k ' a 'P , C\ V £2- Each game is characterized by the following parameters 
as described below: 

- n : number of alternations. If not mentioned, it denotes no restriction on the 
number of alternations in the subgamc. 

- k : number of rounds; a subgame can have even infinite number of rounds. 

- G : underlying graph on which the game is played. It can be of the following 
types: Z denotes zone valuation graph, Z\ denotes the graph obtained after 
phase 1 of zone valuation graph construction. This can be used for games 
of time abstracted relations. Z sim denotes the graph that is obtained by 
combining the nodes of Z\ that are simulation equivalent. 

- a : a vector of two elements: the first element denotes the move chosen by 
attacker whereas the second element denotes the move chosen by defender. 

- j3 : extra condition in the game and may be of the following types: 

• = : This condition denotes that span has to be matched. We also use 
(si = s 2 ) to denote that the spans of nodes Si and s 2 should be the 
same. 
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• [=J : This condition denotes that the integer portion of the span has 
to be matched and if the decimal part of one span is 0, then so should 
be for the other. We also sometimes use (siL=J s 2) where S\ and S2 are 
nodes of the two zone valuation graphs. 

• G\ , < : Let the two graphs for the two timed processes be denoted by G\ 
and G2. This extra condition denotes that the span of any node in G\ 
should be less than or equal to the span of the corresponding bisimilar 
node in Gi. 

(3 if not specified denotes that there is no extra condition. 



5.2 Time Abstracted Bisimulation Game 

This is the EF bisimulation game played on the zone valuation graphs of two 
timed processes. There is no restriction on the number of rounds and the number 
of alternations. 

Lemma 1. The game T^ a ' a \ where a € Lep characterizes time abstracted 
bisimulation. 

Proof. This is a strong bisimulation game played on two zone valuation graphs. 
By construction of zone valuation graph, two processes are time abstracted bisim- 
ilar if their corresponding zone valuation graphs are strongly bisimilar. Hence 
the proof. □ 
Note that for any kind of time abstracted relation, the zone graph obtained 
after phase 1 of the zone valuation graph creation algorithm can be used. The 
intuition behind this is that in phase 2, the zones that are behaviorally similar 
(bisimilar or simulation equivalent) are combined in this phase. Only the span of 
the combined zone changes which is required for matching the time. Thus phase 
2 is important for timed relations only. 

Example 1. Figure 3 shows two timed automata and their corresponding zone 
valuation graphs for timed processes (A, x = 0) and (A', x — 0). The defender has 
a universal winning strategy for the game r^ a '°^ and hence the two processes 
are time abstracted bisimilar. 



5.3 Timed Bisimulation Game 

This game is same as the game for time abstracted bisimulation but has an extra 
condition which specifies that the spans of every pair of bisimilar nodes from the 
two zone valuation graphs should be equal. 

Lemma 2. The game p^ a > a ^- ; w here a G Lep characterizes timed bisimula- 
tion. 

Proof. In this game if the defender has a universal winning strategy then it 
implies that the two zone valuation graphs are strongly bisimilar and every pair 
of bisimilar nodes in the two zone valuation graphs have equal span. This implies 
that the two timeed processes are timed bisimilar. The detailed proof is given in 
[7]. □ 
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Automaton 1 Automaton 2 




x > 1 x > 2 



Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 

Fig. 3. Example of time abstracted bisimulation game 



Example 2. In this example, we consider two timed automata as given in [1]. 
Figure 4 shows the two timed automata and their corresponding zone valuation 
graphs for timed processes (A, x = 0) and (A',x = 0). The defender has a 
universal winning strategy for the game p^ a ' a ^~ anc j hence the two processes 
are timed bisimilar. In the figure, the spans of the nodes are indicated within 
parentheses. 

5.4 Interval Bisimulation Game 

This game is same as the game for timed bisimulation with the following dif- 
ference. Let s p and s q be the initial nodes of the zone valuation graphs corre- 
sponding to processes p and q. It is not required that the spans of s p and s q 
have to be equal but the integer parts of the spans should be the same and if 
the fractional part of one span is 0, so should be for the other node. Thus the 
game characterization for interval bisimulation is r^ > '^ a ' a ' > '( s pL-_K' Si - S2 ) ^ ^gj-g 
(si, s 2 ) ^ {s p , s q ) and a e Lep. 

Theorem 1. A universal winning strategy for the defender in the game p^ a ^^- 
where (si, S2) ^ (s p , s q ) and a € Lep denotes that the two timed processes p and 
q are interval bisimilar. Here s p and s q are the initial nodes of the two zone 
valuation graphs. 

Proof. For the initial nodes s p and s q , [M(s p )\ = [M(s q )\, i.e. the integer 
portions of the spans match and frac(A4(s p )) = <^=> frac(M.(s q )) — and for 
the rest of the bisimilar nodes from the two zone valuation graphs, their spans 
are equal => <~j. This implication is easy to see. 

~i => for initial nodes s p and s q , frac(M(s p )) = <^=> frac(M(s q j) = and 
LA1(sp)J = |yVJ(s,j)J, i.e. the integer portions of the spans match and for the 
rest of the bisimilar nodes from the two zone valuation graphs, their spans have 
to be equal. 
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X > 1 

Zone valuation graph for automaton 1 




Zone valuation graph for automaton 2 

Fig. 4. Example of timed bisimulation game 



We prove this below. Considering the initial nodes, there can be two cases: 

1. frac(A4(s p )) = 0. By the definition of interval bisimulation Ai(s q ) = Ai(s p ). 

2. when frac(Ai(s p )) ^ 0. From the definition of interval bisimulation, this 
also requires that frac(M(s q )) ^ 0. 

Also it is straightforward to see that for p and q to be interval bisimilar, 
[frac(M(s p ))\ = [frac(M(s q ))\ , i.e. their integer parts are the same. We 
can prove this by contradiction. Suppose without loss of generality, the in- 
teger parts of the spans of s p and s q are respectively t and t + I, where t 
and I are positive integers. Thus p can make a delay d = t + 1 to become p' 
whereas q cannot make a delay t + 1 such that q q' and p' <~j q' since 

such ap'^ Q{s P ) whereas q' € Q{s q ). 

For the bisimilar nodes apart from the pair of initial nodes in the two zone 
valuation graphs, the spans have to be exactly same. The span of a node can 
be of the forms t, t — 6 or t — 25, where 5 symbolizes an infinitesimally small 
number. 

Exactly with the same argument as above, we can show that two processes 
p and q cannot be interval bisimilar if any two bisimilar nodes in their corre- 
sponding zone graphs have spans t and t + l, where t and I are positive integers. 

Now we consider the case where the spans of two bisimilar nodes are t and 

tv 

t — 5. Let p — > p , where tr € Lep + and p € Q(s p i) and A4(s p i) = t. Similarly, 
let us suppose q q' and q' e G(s q >) and M(s q >) = t — 5 and s p ' and s q > form 
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the pair of bisimilar nodes. We prove that in such a case p and q are not interval 
bisimilar. 

Let in the paths from s p to s p > and from s q to s q i, s pi and s qi be the first 
pair of nodes that are strongly bisimilar to each other such that the spans of s pi 
and s qi be m and m — 8 respectively. It is possible that s pi is same as s p ' and 
s qi is same as s q i . There can be two cases which can cause the span of s qi to be 
m — 8. 

1. Lower limit of value of the critical clock y is j + 8 and the upper limit being 
j + m where j is an integer. 

2. Lower limit of value of the critical clock y is the integer j and the upper 
limit being j + m — 8. 

We start with the first case. Let p\ € Q (s Pl ) be the process such that min y (s Pl ) = 
v Pl (y) = j. Now we consider the transitions from p to p\ by delays of 1 time unit 
interspersed with visible action transitions. Process q being interval bisimilar to 
p, performs the same actions. The delays of 1 time unit by the p-derivatives are 
exactly matched by the ^-derivatives. 

However, process q by executing the same trace as executed by p to evolve 
into pi will not lead into a process belonging to Q{s qi ) since the valuation of 
every clock of the q derivative by executing the trace will be an integer and will 
not be of the form j + 8. Thus p and q are not interval bisimilar if the lower limit 
of the valuation of their critical clocks are both not integers. 

We can also prove similarly for the second case too that p and q will not be 
interval bisimilar. 

Now let us consider the case where the spans of two bisimilar nodes are of 
the form m and m — 28. Similar to the proof of the case where the spans are m 
and m — 8, it can be proved that processes p and q are not interval bisimilar. 
The proof for the case where the spans are of the form m — 8 and m — 28 is also 
very similar. □ 

Corollary 1. p <~j q p ^ q, where p and q are two timed processes. 

Proof. Suppose p and q are interval bisimilar and let their zone valuation graphs 
be ZA lyP and Za 2 , q respectively with initial nodes s p and s q . Without loss of 
generality, say Ai(s p ) > Ai(s q ). Let B be a strong bisimulation relation such 
that for (s p , s q ) e B, M{s p ) > M(s q ) and for the rest of the pairs of bisimilar 
nodes in B, their spans are equal. This implies that B is a timed performance 
prebisimulation relation. □ 

Example 3. Figure 5 (a) and (b) show two timed automata processes (A, 2.4) and 
(A 1 , 0.8) and their corresponding zone valuation graphs in (c) and (d) respecively. 
The defender has a universal winning strategy for the game p^ a ^^ s f L-J s i> s i— 
where (si,S2) 7^ (s p ,s q ) and a e Lep and hence the two processes are interval 
bisimilar Here s p and s q are the initial nodes of the zone valuation graphs corre- 
sponding to processes (A, 2.4) and (A', 0.8). Note that the two timed automata 
states (A, 2.4) and (A', 0.8) 



14 




Fig. 5. Figures (c) and (d) arc zone 
(A 1 , 0.8) respectively 




valuation graphs for states (A, 2.4) and 



5.5 Time Abstracted Delay Bisimualtion Game 

Lemma 3. The game p^( a > E ^ a ') > where a € Lep characterizes time abstracted 
delay bisimualtion. 

Proof. : Since e in the graph represents a process delay, it is immediate from the 
definition of time abstracted delay bisimualtion. □ 

Example 4- Figure 6 shows two timed automata and their corresponding zone 
valuation graphs for timed processes {A, 0) and {A', 0). (A', 0) can perform an a 
action whereas (A, 0) can perform a after performing an e. The defender has a 
universal winning strategy for the game F^"' and hence the two processes 
are time abstracted delay bisimilar. 

0^ 

Automaton 1 




Automaton 2 



x < 2 2<x<7 x>2 

e 



x < 3 

(A') 
£ 



x > 7 



x > 3 



Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 



Fig. 6. Example of time abstracted delay bisimulation game 
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5.6 Time Abstracted Observational Bisimulation Game 

Lemma 4. The game r^ a ' e ^ a ^ e ^ where a G Lep characterizes time abstracted 
observational bisimualtion. 

Proof. Immediate from the definition of time abstracted observational bisimula- 
tion game. □ 
From the definition, this game can be defined as r^ a ' e ^" 1 ^ r£ ^ where a e Lep. 

Example 5. In figure 7, two timed automata from [12] are shown that are time 
abstracted observation bisimilar but not time abstracted delay bisimilar. Figure 8 
shows the corresponding zone valuation graphs and we can see that the defender 
has a universal winning strategy for the game r^ a ' £ ^ ,a ^ r£ \ 




Fig. 7. A and A' are time abstracted observation bisimilar but not time ab- 
stracted delay bisimilar 




Fig. 8. Time abstracted observation bisimulation game for automata shown in 
figure 7 



5.7 Time Abstracted Simulation Equivalence Game 

This game is similar to that of time abstracted bisimulation but dos not involve 
any alternation. 

Lemma 5. The game is 0— r^ a ' a ^ where a € Lep characterizes time abstracted 
simulation equivalence. 
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Proof. Time abstracted simulation equivalence game can be considered to be 
a discrete simulation equivalence game which is a discrete bisimulation game 
without any alternation. Hence the proof. □ 
Note that this game can also be played on the following zone graphs. 

1. Like other time abstracted games, the zone graph Z\ obtained after phase 1 
of zone valuation graph generation. 

2. A phase 2 can be executed, but in stead of combining the nodes that are 
strongly bisimilar to each other, the nodes that are simulation equivalent to 
each other are combined to get a canonical form of the zone valuation graph, 
where the nodes denote simulation equivalent classes of the timed automata 
valuations. 

On similar lines, we can also define the games for time abstracted delay bisim- 
ulation equivalence and time abstracted observational bisimulation equivalence 
as — r^ a ' £ ^°^ and — 1^"' 6 ^ a ^ E '> respectively, where a <G Lep. 

5.8 Timed Simulation Equivalence Game 

Designing this game is tricky when the equivalence includes real time. In the 
untimcd domain as in [3], a simulation equivalence game can be obtained from 
the bisimulation game by restricting the number of alternations to 0. In the 
timed version though, this is not the case. Thus the game 

_ r Z,(a,a),= where 

a e Lep does not characterize timed simulation equivalence. This can be shown 
with the following example: 

Example 6. Figure 9 shows two timed automata and their corresponding zone 
valuation graphs for timed processes (A, x = 0) and (A' , x = 0). In the first zone 
valuation graph, corresponding to location A, the nodes that are created arc 
named A\, A^ and A3 for convenience. The two processes are timed simulation 
equivalent though the defender does not have a universal winning strategy in 
the game — j^^ a ' a ^~ as th c S p ans f A\ and A' do not match. Note that here 
Ai and A 2 are not strongly bisimilar and hence cannot be merged while creating 
the canonical form of the zone valuation graph through phase 2. 

Phase 2 is modified so as to merge the nodes that are simulation equivalent. 
Here A\ and A2 are simulation equivalent and thus can be merged to get Z S i m on 
which the game can be played. The nodes of the graph Z sim denote the simulation 
equivalent classes of the corresponding timed LTS. The defender here has a 
universal winning strategy when the game is played on this variant of the zone 
valuation graph. 

Lemma 6. The game — /^«™>{ a > a >>- characterizes timed simulation equiva- 
lence. 
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Automaton 1 Automaton 2 



a 



x< 1 1 <I< 2 re > 2 




x > 

Zone valuation graph for automaton 1 Zone valuation graph for automaton 2 

Fig. 9.0 — r^ a ' a ^~ game does not characterize timed simulation equivalence. 
It is characterized by - r£* 4ro ' <0 ' 0> ' = . 



5.9 Timed Performance Prebisimulation Game 

In [8], it has been shown that two timed processes are timed performance pre- 
bisimilar iff their zone valuation graphs are strongly bisimilar and for each pair 
of strongly bisimilar nodes, all nodes from one zone valuation graph should be 
equal to or smaller than the corresponding bisimilar node of the other graph. 
We can design the game as disjunction of two games. In the first game, while 
checking if the zone valuation graphs G\ and Gi are strongly bisimilar, we also 
check if the spans of the nodes of graph G\ is less than or equal to the spans 
of corresponding bisimilar nodes of graph G2. If the defender loses this game, 
then the second game is played which differs from the first subgame in the extra 
condition that now it is checked that if the span of the nodes in graph G 2 is 
less than or equal to the span of the bisimilar nodes of G\. The game described 
above thus is r£<°'°>'< Gl ^ V r£< '°>'< G ^>. 

Lemma 7. The game j^'(°' ^( Gl '-) v j^'(°' ^( G2 '-) characterizes timed -per- 
formance prebisimulation. 

Example 7. In this example, we consider the two timed automata from [8]. The 
two timed automata in figure 10 are related through timed prebisimulation rela- 
tion. The automaton in the left is at least as fast as the automaton on the right, 
since the second a action should be performed within a time interval of one time 
unit after the first a action whereas in the second timed automaton, the second 
a can be performed within an interval of two time units after the first action. 
The game j 1 ^ ' )'^ 1 '-) v /"^'( a > a )>( G2 >-) j s played on the their corresponding 
zone valuation graphs which are shown in figure 11. The defender has a universal 
winning strategy. 
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Fig. 10. Example: Timed prebisimulation relation 

l)<x<l x = l X > 1 u < X < 1 x = 1 x > 1 




Fig. 11. Example: Zone valuation graph of timed automata shown in figures 10 



6 Hierarchy of Games 



The following lemmas describe the hierarchy across different timed games that 
are obtained by assigning different values to each of the parameters in the game 
template. The arrow from the game on the left to the game on the right denotes 
that if the defender has a universal winning strategy for the game on the left, 
then it also has a universal winning strategy for the game on the right. Besides 
for each pair of games, if i~i — > _T 2 , then _T 2 7^ A- 

Lemma 8. — >n- 

This lemma states that if the defender has a universal winning strategy in a 
game with no restriction on alternations, then it will also win a game with finite 
number of alternations if the other parameters do not change. 

Lemma 9. rg- a >' 5 — > rf ' a,/3 

This lemma states that if the defender has a universal winning strategy in a 
game with infinite number of rounds, then it will also win in a game with finite 
number of rounds. 

Lemma 10. n - r fe G ' a '= — > n - r^ a ' l=l 

n _ r G, a ,= ^ n _ r G, a ,( Gl ,<) 
n _ r G, a ,= ^ n _ r G, a ,(G 2 ,<) 

n 



_ r <W=j _, n _ r G,a,(G 1 ,<) v n _ r G,«,(G 2 ,<) 



Corollary 2. r gAa,a) ,( Sp l-ls q , Sl s 2 ) ^ ^at («i, s 2 ) 7^ (s P ,s q ) — -> T c 



Z,(o,a),(Gi 
00 



r Z,{a,a),(G 2 ,<) 
1 00 
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Fig. 12. Hierarchy of timed games 



This is immediate from lemma 10. 

Lemma 11. n - lf' <a ' a> ^ — ► n - r^ {a ' £ ^ a)Jj — ► n - r ^ {a ' £ ^ e) ' 

This is true since every node in the zone valuation graph has an implicit edge 
labelled with e. Here a G Lep. 

Lemma 12. n - if' (a ' a> ^ — ► n - r^ im ' (a ' a) '^ 

Thus assigning different values to each of these parameters n^, fcj, G^, a,, /3j in 
the zth subgame, we can generate a complete game hierarchy using the lemmas 
given above. Below we give a diagram which shows the hierarchy of the games 
that correspond to the timed relations in figure 1. The diagram in figure 12 is 
only a small part of the entire hierarchy of timed games defined in this paper 
and as in [3], this leaves us with the scope of defining several timed relations 
or embed existing relations that are not discussed in this paper into this game 
hierarchy. 



7 Conclusion 

In this paper, we have presented a hierarchy of games that can be played between 
two timed processes where these processes denote valuations of timed automata. 
Timed automata is a well studied formalism and the decidability results corre- 
sponding to several relations are known with respect to timed automata. The 
hierarchy among the games reflects the hierarchy among the timed relations. 



20 



The game hierarchy also allows us to embed several other timed relations that 
are not discussed in this paper. The closest to our works are [11] and [3]. Bisim- 
ulation games were first introduced in [11] and the game was extended in [3] 
where similar EF games have been designed to characterize process equivalences 
appearing in Van Glabbeek's spectrum [13]. As in [3], in our work too we provide 
a game template from which the entire hierarchy can be generated by assigning 
different values to the template parameters. However our case is more difficult 
since we deal with equivalences and preorders that involve real time. The main 
challenge here lies in designing the graph structure on which a game has to be 
played. We found that zone valuation graph introduced in [8] and its variants to 
be appropriate for this purpose. 
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